Senior Security Engineer
About The Position
Flexcar is seeking a dedicated Security Engineer as an individual contributor responsible for safeguarding a broad attack surface that includes Flexcar’s web and mobile applications, physical locations, and its remote team members. This is a highly collaborative role that will require working across all facets of the Flexcar organization. You will be expected to champion the development and implementation of proactive defense measures across the entire organization, collaborating across multiple teams to maintain our high security standards, and educating members of the organization in the realms of general security awareness as well as best practices when it comes to delivering software. This role requires a candidate who is a self-starter and capable of managing multiple requests from various teams within the Flexcar organization.
Requirements
- Web Application Security
- Hands-on experience with managing a Web Application Firewall, including the creation of custom rules, rate limiting, and managing vendor rulesets.
- Must understand the current OWASP Top 10 and demonstrate the ability to educate others on how to identify and mitigate associated risks.
- Must have experience with deploying and managing defensive measures, aka “Blue Teaming”.
- Must have experience organizing and managing third-party penetration tests and ensuring that all findings are addressed in a timely manner.
- Hands-on experience with threat modeling.
- Experience leading tabletop sessions with members of the engineering team as well as non-technical members of the organization.
- Demonstrated ability to conduct Open-Source Intelligence (OSINT) against the organization and its resources.
- Demonstrated ability to conduct internal offensive security campaigns against Flexcar’s web application and the organization itself.
- Secure Infrastructure & Tooling
- Experience creating CI/CD workflows and utilizing open-source security tools.
- Experience with static analysis tools for code, dependencies, and container images.
- Familiarity with AWS security tools and resources.
- Familiarity with Terraform.
- Experience with hardening Microsoft Entra (Azure AD) and O365.
- Proven experience with Identity and Access Management.
- Experience with administration of common Managed Detection and Response (MDR) solutions.
- Hands-on experience with scripting languages like Python.
- Incident Management
- Proven ability to serve as a Security Incident Commander.
- Ability to use the tools available for leading forensic analyses and guiding investigative efforts.
- Demonstrated ability to conduct threat hunting based on new threats as they are discovered or disclosed by the larger security community.
- Governance, Risk, and Compliance
- Familiarity with maintaining compliance with frameworks such as PCI, CCPA, and US Data Privacy.
- Familiarity with compliance automation platforms.
- Experience creating and maintaining foundational security policies.
- Ability to manage Flexcar’s third-party vendor assessment process.
- Ability to create both general security awareness content for the organization as well as targeted training for a variety of individual teams.
Benefits
- Flexible Paid Time Off and Sick Time
- 401(k) with company match from day one of hire
- Excellent, low-cost healthcare coverage including: medical, dental, vision, eligibility day one
- Discounted employee rate on Flexcar products and no annual membership fee
- Weekly Pay and other amazing perks!
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
